Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Threat Intelligence
CVE-2026-48165: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in MariaDB server
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could have used the wsrep_sst_receive_address or wsrep_sst_donor global system variables to execute shell commands as the uid of the mariadbd process on the Galera joiner node. This issue has been patched in versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2.
CVE Database V5 | 06/12/2026, 17:35:16 UTC | Added: 06/12/2026, 17:55:21 UTC

CVE-2026-48163: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in MariaDB server
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node interpolates parameters sent by the joiner into the command line. Not all parameters were properly validated, which could allow a malicious joiner to execute arbitrary shell commands on the donor side via the rsync SST method. This issue has been patched in versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2.
CVE Database V5 | 06/12/2026, 17:34:57 UTC | Added: 06/12/2026, 17:55:21 UTC

CVE-2026-44173: CWE-863: Incorrect Authorization in MariaDB server
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
CVE Database V5 | 06/12/2026, 17:34:30 UTC | Added: 06/12/2026, 17:55:21 UTC

CVE-2026-44172: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in MariaDB server
MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysql_real_escape_string() and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections, even though mysql_real_escape_string() was supposed to prevent them. This issue has been patched in versions 3.3.19 and 3.4.9.
CVE Database V5 | 06/12/2026, 17:34:04 UTC | Added: 06/12/2026, 17:55:21 UTC

CVE-2026-44171: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in MariaDB server
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contain such paths, but a specially crafted archive could have caused mbstream to create files outside of the target-dir path. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
CVE Database V5 | 06/12/2026, 17:33:27 UTC | Added: 06/12/2026, 17:55:21 UTC

CVE-2026-44170: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in MariaDB server
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on Windows with the CONNECT engine installed and REST support enabled interpolated the table HTTP attribute into the curl command line without proper sanitization. This allows the user to execute shell commands on the server. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
CVE Database V5 | 06/12/2026, 17:30:15 UTC | Added: 06/12/2026, 17:55:21 UTC

CVE-2026-44169: CWE-863: Incorrect Authorization in MariaDB server
MariaDB server versions 11.4.1 through before 11.4.11, 11.8.1 through before 11.8.7, and version 12.3.1 contain an authorization vulnerability. A user with EXECUTE privilege on a stored routine granted via a role could view the routine's definition without having the SHOW CREATE ROUTINE privilege. This issue has been fixed in versions 11.4.11, 11.8.7, and 12.3.2. The vulnerability has a medium severity rating with a CVSS score of 4.3.
CVE Database V5 | 06/12/2026, 17:31:53 UTC | Added: 06/12/2026, 17:55:21 UTC

CVE-2026-44168: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in MariaDB server
CVE-2026-44168 is an OS command injection vulnerability in MariaDB server affecting specific versions during the SST (State Snapshot Transfer) process. The donor node interpolates parameters sent by the joiner into the command line without proper validation, allowing a malicious joiner to execute arbitrary shell commands on the donor side via the mariabackup SST method. This vulnerability has been patched in later versions.
CVE Database V5 | 06/12/2026, 17:31:26 UTC | Added: 06/12/2026, 17:55:21 UTC

CVE-2026-10787: CWE-862 Missing authorization in Devolutions Server
Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request. This issue affects:
* Devolutions Server 2026.2.4.0
* Devolutions Server 2026.1.20.0 and earlier
CVE Database V5 | 06/08/2026, 18:26:25 UTC | Added: 06/08/2026, 19:03:40 UTC

CVE-2026-10786: CWE-312 Cleartext storage of sensitive information in Devolutions Server
Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request. This issue affects:
* Devolutions Server 2026.2.4.0
* Devolutions Server 2026.1.20.0 and earlier
CVE Database V5 | 06/08/2026, 18:26:09 UTC | Added: 06/08/2026, 19:03:40 UTC